Logstash Log4j Update

rishabjain1012 · June 20, 2022, 5:13am

Hi,
We are using opensource versions of logstash docker Images.
Our security team found that these images contain log4j-core-2.17.0.jar which is found to be vulnerable.
Can someone provide us an update as of when will be newer version of image available with updated version of log4j-core-2.17.1.jar

warkolm · June 20, 2022, 6:26am

Welcome to our community!

Vulnerable for what exactly?

Badger · June 20, 2022, 3:35pm

2.17.1 fixed CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.

system · July 18, 2022, 3:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Replace Log4j from 2.11.0 to 2.15.0 Logstash	10	3072	February 3, 2022
Log4j vulnerability threat impact on Elasticsearch and Logstash versions below 5 Elasticsearch	2	1245	January 16, 2022
Logstash with log4j 2.17.1 patch release Logstash	3	2229	February 9, 2022
Regarding log4j vulnerability Elasticsearch docker	5	6438	February 2, 2022
Logstash is affected by Apache Log4j2 2.17.0 Vulnerability CVE-2021-44832? Logstash	4	2419	February 3, 2022

Logstash Log4j Update

Related topics